6 Tips for Getting the Most Out of Your Next External Audit

Posted by Craig Thornton

Stop wasting your money on compliance audits that add no value

As deeply as I believe in the value of the ISO standards, one thing in particular has always bugged me: that external audits often resemble old tomato sandwiches.

External audits should be the event around which companies really get stuck into the nitty-gritty – a point at which hard decisions are made (or at least begin to be made), because having an outside auditor – with years of experience in how other companies ‘do stuff’ – look deep into your systems should be a fantastic opportunity.  

Sadly, more often than not, external audits end up being softer than a 3-day-old tomato sandwich.


The problem is that many auditors tend to go wide in scope, rather than deep into the detail.  But it is only when audits go really deep, that the true state of a system can be assessed – and improvements identified.

Old tomato sandwich, anyone?

So why are soft audits so commonplace?  Partly it comes down to human psychology – easy is good, right? Auditors are like everyone else - they don’t want unnecessary drama in their workday.  Compliance managers don’t either. But the problem is also partly structural – specifically a big, nasty old problem called ‘conflict of interests’.

Here’s the thing – you (the client) want to get certified (or recertified) to an ISO standard. So you hire a certification body to audit you.  Immediately we have an ethical dilemma in play: the certification body’s commercial interests collide head-on with its responsibilities as an ethical auditor.  If they give you a tough audit, or fail you, then they stand every chance of losing you as a client.  I was an auditor for a certification body for 5 years and I can tell you that this ethical dilemma is very real.

It's time to get proactive

For QHSE professionals an external audit is the (very visible) highlight of the year.  And given the audit results can end up driving the focus of your work for months to come, you want to make sure you get some really good ‘meat-and-potatoes’ out of it. You want everyone - the management team especially - to see all the good stuff that a robust, rigorous system can bring to your business.  But with a significant conflict of interest messing up the menu, you need be proactive.

As much as we prefer things to be easy, some things actually need to be hard to deliver value.  Take exercise for example - the harder it is, the fitter you'll get.  The same is true with the audit process where you'll need to be proactive in order to drive up the performance.

6 ways to get the most out of your next audit

Follow these simple steps to get more value out of your next audit: 

  1. Interview your certification body. Tell them what you want from both their audits and their auditors.
  2. Ask for the CVs of your potential auditors.  Have they worked in your industry - or at least in an industry with similar issues?
  3. Ask the people in your networks which auditors have given them the most help. Which ones have been tough in a useful way?  Which ones have shown insight and given practical, valuable feedback?
  4. When you have found a great auditor, ask for them by name.  Often auditors are given a particular audit not because of their expertise in that area, but because they happen to be available on those days. No. Not good enough. You, your colleagues and your customers deserve better than that.
  5. Ask for at least 3 auditors: 1 Lead and 2 Technical.  Don’t skimp.  Pay the extra and give your team three experts to learn from.  Obviously this will depend on the size of your company but 3 is a minimum.
  6. In the down-times that every audit has (at lunch maybe, or at the end of the audit), talk with your auditors.  Pick their brains.  Ask questions like: What are the best ideas you've come across in an audit? What are the most common mistakes organisations in our industry make?  What key piece of advice can you give me? Who or what has had the most influence on you as an auditor? Which writers and blogs do you follow? 

The answer to the conundrum of certification bodies’ conflict of interest is to get tough.  If they give you a soft, easy audit with pat non-conformances, tell them that unless they can significantly up their game, you will find a new certification body, thanks.  Demand that they provide your organisation with knowledgeable experts in your industry who are good communicators and who are interested in helping the ISO standard be a meaningful, bedrock philosophy in your company.

Don’t put up with old tomato sandwiches from anyone - especially when you're paying for them!

Tags: ISO, External Audit, Audits & Inspections